Solved

What does this R0 line mean? / HijackThis Log

Posted on 2011-02-27
7
652 Views
Last Modified: 2013-12-06
Hi Friends

I have also found this R0 line on a HijackThis Log from a customer.
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

I know this is for Internet Explorers starting page and search assistant. But what does this line mean exactly? Where can I find more information’s about this line? Why is nothing behind the = ? I have also found some logs with Obfuscated. Is this Spyware? Because I have read this is a sign of spyware and difficult to remove such an infection.

Thank you very much
0
Comment
Question by:awawada
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 22

Assisted Solution

by:optoma
optoma earned 125 total points
ID: 34991399
Hi.
Some info regarding HJT
http://www.bleepingcomputer.com/tutorials/tutorial42.html#RDiag

That line is ok to the best of my knowledge :)

Upload the log to Hijackthis.de to be analyzed and there is an info button beside each line.
http://www.hijackthis.de/


>Apart from that, machine behaving ok?
0
 
LVL 4

Expert Comment

by:FastSi
ID: 34991407
"HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =" with nothing after it I assume it means your browser is not starting with any addon toolbars, I get the same result with nothing after = iwhen I do a scan and mines clean.

not sure about the Obfuscated
0
 
LVL 4

Assisted Solution

by:FastSi
FastSi earned 125 total points
ID: 34991423
Hijack this is by trendmicro so could also post on http://community.trendmicro.com/t5/Malware-Discussions/bd-p/malware
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 18

Author Comment

by:awawada
ID: 34991468
@optoma
Hi optoma

after a long time. hope you are fine?
I know this Tutorial it's pretty good, but i dont find much infos about:
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

@FastSi
good idea with http://community.trendmicro.com/t5/Malware-Discussions/bd-p/malware .
Are you sure this has something to do with addon toolbars? Has this nothing to do with Internet Explorer Links folder with the Favorites?
0
 
LVL 35

Accepted Solution

by:
torimar earned 250 total points
ID: 34991918
If you launch IE, and go to the Favorites menu, you will see a folder called "Links" in that menu. If you delete it, it will be recreated automatically.

That is what the registry entry:
HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName

controls. If "LinksFolderName=Links" the folder will be recreated, if "LinksFolderName=" it will not be recreated.
This is a popular registry tweak: http://www.pctools.com/guides/registry/detail/550/

"LinksFolderName=Links" is the default entry; as long as it is active, HJT does not include the key in its scan report. Once it is changed, HJT will report this.

You could easily let HJT fix the issue, but that may not be in the interest of your client if he/she intentionally applied this reg tweak.
0
 
LVL 22

Expert Comment

by:optoma
ID: 34992197
Hi Awawada.
Been a while. All is fine, thankfully as ever! :)


0
 
LVL 18

Author Closing Comment

by:awawada
ID: 34993110
Thanks Friends!
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
Some of the most commonly posted questions in the "Virus & Malware" Zones are related to the family of rogue malware with the date "2012" somewhere in the title. Examples: XP Antispyware 2012 XP Antivirus 2012 XP Security 2012   XP Home Sec…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question